I am using UltraVNC with a repeater using mode 1 to allow remote control of some of our workstations by home users. The home user installs the vncviewer, connects over the Internet to the repeater which then proxies the communication to the workstation sunning the server component (fairly standard scenario I think).

I want to make use of the plugin's public/private key mechanism for authentication but it appears that I would have to distribute the private key to my co-workers whilst keeping the public key secure on the workstations. This seems back-to-front to me? With public/private keys does it actually matter which of the key pair is kept private and which is distributed (as long as one of them is kept private)? Can the public key be inferred from the private one (obviously, I hope the converse is not true)? Is there another way?

I can see how the plugin works for reverse connections (eg using single click) where the server component is distributed and the helpdesk viewer is private but what are the implications of using it for "normal" connections?